Microsoft has officially stopped supporting Windows Server 2003. This means the popular operating system is no longer safe to use, since no new security patches will be released.
Millions of servers are still believed to be running Windows Server 2003 - and the upgrade process worldwide is estimated to be generating billions of dollars for hardware and software vendors.
However, there are measures IT managers can take to temporarily secure their OS installations – at least until a suitable migration plan is in place.
The day the earth stood still
Microsoft has a well-established framework for moving customers onto new releases: the lifespan of an operating system is around 10 years - five years under ‘mainstream support’ when new features are still being added, and another five under ‘extended support’ when only security updates are issued.
There are exceptions to this rule: Microsoft supported the immensely popular Windows XP for a total of 13 years, but despite this final act of mercy, the inevitable end caused a storm of bad publicity for the company.
The same is true for Windows Server 2003: despite an extension to its lifespan and repeated warnings, countless data centers around the world will continue running the obsolete OS.
For example, according to research published in April by American security vendor Bit9, as many as two thirds of British businesses that run vintage Windows Server will continue using it after today’s deadline, and 10 percent have no contingency plan in place.
Organizations that are unable to migrate immediately should consider beefing up their security infrastructure. “In addition to ‘ringfencing’ or additional network segmentation of Server 2003 systems, exploit and malware filtering can provide an additional layer of protection,” advised Karl Sigler, threat intelligence manager at Trustwave.
“Anti-malware gateways can filter exploits before they even reach your servers. This concept is generally known as ‘virtual patching’. By blocking an exploit with a gateway device like a WAF or a Secure Email Gateway, you’re not as dependent on the physical patches that Server 2003 will be missing.
“Network monitoring is also an important security step in this situation. By not upgrading Server 2003, your organisation will be taking on more risk with every vulnerability that goes unpatched. Monitoring your network for anomalous or strange traffic can be a crucial tool for identifying and containing a breach.”